Posted
by
samzenpus
on Monday July 14, 2014 @05:18PM
from the all-your-data-are-belong-to-us dept.

An anonymous reader points out this story about the U.S. Justice Department's claim that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S. Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.

The *real* question is what about companies that do business here but are based in other countries?

Well any country you do business in you technically are subject to the laws of that country so even if they are based in china but operate a regional HQ or even a small mom and pops size store you pretty much subject to same thing. They can't go and take said servers but they can serve a warrant and make the company turn over the data.

If this does hold up, and Microsoft releases the data stored in another country (which is ludicrous), then how long will it take for every other country in the world to buy equipment from a non-American or solely domestic company? This may backfire...like most of our administration's policies...

The problem is more basic. As a practical matter: If a company has any staff with credentials to access the data in the USA, the data is subject to American legal action. The companies IT efforts have made the data available in the jurisdiction.

Getting the subpoena to a person with credentials is problematic for the cops. That could be lawyered around I suppose. Serve the company, which includes management, who presumably know who has access.

It's all sorts of things. But only people outside the jurisdiction of the courts are obstructing American justice. Where it's called 'being in compliance with local data privacy laws'.

Did the subpoena prevent you from informing your foreign employer of what was happening? More practically did it prevent corporate legal from informing their foreign bosses. What if the data is protected by their data privacy laws? What if you don't 'know that for sure'. What if your local lawyer 'was certainly unaware of that' (once made aware, he will be dirty and have to move on.)

So if I say to my foreign counterpart "give me this data that I have been subpoenaed to provide" I am obstructing justice? You could argue that the foreign branch is obstructing US justice when they implement the policy of automatic refusal unless/until a local subpoena complying with local legal requirements is received, but nobody there is personally bound by US law, so it's not particularly relevant unless they want to travel to the US in the future. Meanwhile they might very well be in violation of local law by supplying said data without the appropriate local legal authorization.

I'm not happy with this - it seems like an issue where there's no good solution: The US can't be allowed to be "world cops" to this degree - we've proven repeatedly that we've lost whatever moral superiority *might* have once entitled us to such a position - call me paranoid but handing more power to the gestapo-in-training seems to always go badly for the common man. Meanwhile *without* such authority I can easily imagine elaborate corporate data shell games where all sensitive data is inaccessible to any government. The only answer I can see is international treaties bringing corporations to heel, but I suspect those would be tricky in the extreme to get right, even if the self-same megacorps didn't already have pretty much all the relevant politicians in their pocket.

So if I say to my foreign counterpart "give me this data that I have been subpoenaed to provide" I am obstructing justice?

If you did understanding that telling them there was a subpoena would make you less likely to get the data, then yes it would be. You have an obligation to the court. The court is not interested in playing word games with you. If you say anything which causes a foreigner to restrict the courts access to the data you are obstructing justice.

I know Slashdot isn't all one mind, but I seem to remember the arguments from our European members being the opposite when it came time to try Microsoft for being a monopoly.

How can the EU fine a US company? Simple, they fined the portion that was incorporated in the EU.

This is the same issue; The US is not going after the EU Microsoft corporate entity, they are going after the US corporate entity. That these may be the "same" company (like a person with dual citizenship) is not really the issue. They can a

Suppose that the data resides in Swizerland (Swiss privacy laws prohibit moving data overseas - don't know exact details, but the idea should be obvious). Suppose the credentials to give the data is only on the hands of a swiss administrator - no american has access to the data/server/credentials in Swizerland. In this case no matter who in the company orders to give him the credentials, the administrator in Swizerland cannot give them or he would be breaking the Swiss law.

This situation already arose in Swiss banking: the IRS tried to assert jurisdiction over American accounts held in Switzerland. Switzerland 's response was, Screw you. All American accounts there were closed down and the US has been totally spliced out of dealings with this major world financial center. They found they could get along perfectly well without us.

My impression (I have in-laws there) is that same thing is about to happen in Swiss IT. Swiss companies will buy their equipment directly from China and close any operations in the US. As the Obama Dark Age rolls on, we become a tech as well as a financial backwater.

Nothing unfortunate about it. That only affects the rich and powerful who for all purpose defraud american taxpayers and then shift the money offshore.

Why should any american have to suffer increased deficits and taxes so a tiny elite of wealthy parasites can continue to leach american money offshore

It also affects ordinary, non-rich-and-powerful people like myself: I'm an American PhD student in Switzerland and dealing with all the tax laws purportedly targeted at shady rich people (but which overwhelmingly affect ordinary people) is a massive pain and costs my wife and I several hundred dollars per year for a tax accountant to do our reasonably straightforward (i.e. we have some US investments, retirement accounts, etc. but earn all of our income in Switzerland) taxes.

All countries follow the same rule for taxation of citizens: when you live in another country, you remain a 'visitor', taxed in your home country, for one year. After that, your status switches to being taxed by the host country instead, because that's whose economy you live in and benefit from.

The one country that does not follow this rule is the US. Its citizens are taxed in both the home country and, after one year, in the host country. You can credit the host-country tax against the US tax, but because

"if they have the authority to change the policy regarding who has credential to get the data they must do so"

How do you define "has the authority" though? If exercising that authority contravened the laws of a foreign power, does it constitute having authority? What if it contravenes a foreign religious system? What if it contravened the laws of a foreign power that the US doesn't recognise, or in a territory which is under dispute? (Palestine? Crimea? Taiwan? Sealand?).

The end game of this is that tech companies will set up the head of the pyramid of the company in some obscure jurisdiction who will do what they are told, and they'll set up their servers in countries with strong privacy laws, and the US will be left out of the loop.

This gets more warped. It would likely be illlegal to produce certain data on EU citizens like this according to EU privacy directive. Company would be forced to choose to either follow US law or EU law, as these would be at odds with one another.

I can see policy like this bringing current globalization trend to a screeching halt as companies would split to have daughter companies incorporated and operating only in certain countries to shield them against this kind of abuse.

On the other hand, we have corporations playing the same "tricks" with finance. They show little profits in countries with taxes and shockingly, pay extra for some service or other and reap loads of profits in Dublin Ireland or some other tax haven.

If someone has an email in the USA and it ends up on an offshore server, I think it's no different than a dollar that ends up in an offshore account; it's province is in the USA regardless of digital shenanigans.

Microsoft is trying the "you can't hold me responsible for yesterday's shooting because the gun is in my other pants" defense.

The law has _always_ held that if you are before the court, everything relevant to the case is before the court.

If this were not the case then the Tobacco and Asbestos companies could have just said "all those meeting minutes and research records are stored in our warehouse in mexico so ha ha, you all lose." Any company or person, on any issue, could just mail the evidence out of state or out of country and get off scott free.

That just never happened.

Just because the evidence is "on a computer" instead of "printed on paper" doesn't make the "other pants" defense viable.

The court is not reaching across a border. Microsoft is _here_. Microsoft does business _here_. The complaint is _here_, and the court is _here_. The proper legal response to "the other pants" gambit is to tell the guy in his shorts to send someone to go get whatever it is from those pants and bring it back.

Criminals don't just "move" their assets to other countries, they "hide" them because if it can be found it's on the table.

I agree with everything you have stated. However, the situation is not one of Microsoft being required to produce their own documents, they are being required to produce other's documents. So the analogy would be that Microsoft has a rental storage facility in Ireland and the US wants them to riffle through a unit and send some documents they find. That is far less reasonable and clear cut as your summary.

If I used a Saudi document escrow or storage service to store my documents, and they stored them in Botswana, there would be at least three jursidictions with the ability to subpoena those documents. Botswana, Saudi Arabia, and Wherever I live (so State of Washington, and U.S.A. federal jurisdictions).

It was _my_ choice to involve the Saudis and they were acting as my agent when they involved Botswana.

Sucks to be me if my documents are not actionable here but against the law there. I got those places involv

Really read this sentence: "In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas."

The problem is that this case is using a warrant, which historically targets a search of a very specific location and has never been allowed to specify a location not directly within the authority of the court issuing the warrant, yet the administration wants it to act like a subpoena, which does allow the data to be located outside the authority of the issuing court, as long as the person (or company) being served is within the court's authority.

Its worse than that, much like the NSA's over reach scaring off other countries from American tech products, this kind of ruling encourages multinationals to never set up business in the USA. The USA is a big market worth a lot of money, but if they keep piling up reasons why a multinational would want to stay the hell away, eventually companies will stop bothering.

> We really can't tell the difference between Democrats and Republicans.... This sounds so Bush-like...

So you can know the difference on this issue, the Republicans voted to repeal the law. The law generates negative net revenue, costing more to administer and enforce than it brings in. Generally speaking, Republicans are against burdensome taxes, taxes that only cost money and don't increase revenue. That's more of a Democrat thing.

They do have rules to protect and segregate data if they're set up properly, but we already know Microsoft's servers are compromised, and any data on them already available to the US government via the NSA.

This isn't about the US government getting access to the data, it's about establishing and testing legal frameworks for being able to use the data in prosecutions and court cases. That's why the US Justice Department is using a compliant corporation like Microsoft as their test case. MS will put up a t

The *real* question is what about companies that do business here but are based in other countries?

- what do you mean it is a 'question'? We already know the answer to this. [matzav.com] If a business has any presence on USA soil, the oppressive dictatorial USA government feels that it has full authority to demand all information from that business about its customers and their transactions.

This is the case for any normal country, as well it should be. I can't believe I'm defending Obama on something, but they're right on this one: if a country's legal system has a valid case for something, and issues a court order ordering you to turn something over, you can't just avoid a court order by saying "it's in my summer home in another country!". If you refuse, they can hold you in contempt of court until you decide to produce it. Maybe the other country can't be compelled to give it up, but you're in this country, and they can keep you in jail as long as they want.

This has nothing to do with USA citizens, this is about sovereignty of people and countries that are not USA in the first place. Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland. Of-course current oppressive USA regime disagrees, apparently you are on the wrong side of the individual rights on this one as well.

Swiss bank doesn't have to disclose ANYTHING to the USA regime about its account holders in Switzerland.

No, but when the US courts find that you, a US citizen living in the US, have monies in a foreign bank account (thanks to documents they seized by court order) which they've proven are stolen or need to be taxed or whatever, "it's not in the country" is not an excuse. You either come up with the money, or you sit in jail forever in contempt of court. You can't just hide property in a foreign country and avoid legal consequences.

Again, the foreign companies are not USA citizens and foreign companies are not subject to USA law on their own land. However if you are an American then you are a SECOND CLASS CITIZEN today (or lower) because foreign banks that have any presence in the USA whatsoever DENY your request to open a bank account:)

If you think this is normal and that is how all countries operate, think again. When you are in Switzerland if you are from India or from China or from Russia or from Germany or from UK or from Brazil or from Uganda you are not going to be prevented from opening a bank account. However if you are from good old US of A you will not be able to open a bank account if you do not have another passport, that's what it is like today to be an American. USA government turned USA citizens into persona non grata for foreign businesses.

By the way, USA is the only of 2 or 3 countries in the world that tax 'world income', as in even if you are not a resident in the country, you are forced to file income taxes every year and above certain income you are forced to pay USA related income taxes:) Great success building that 'independence' and 'freedom'. USA was created to escape this type of persecution, now it is one of the worst offenders against human rights in the world and when I say human rights I am talking about the right to be an individual, the right to self determination, the right not to be a slave to a collective.

By the way, there is 0% wrong with having foreign bank accounts all over the world. AFAIC in today's society everybody needs to have more than one passport and many many many bank accounts and business investments around the world not tied to their country of residence. Of-course you don't have to do it, but then you are owned, aren't you?

And the real story on those Swiss banks is that bank officials were bringing papers in to the US to be signed and sometimes transporting goods as well. In other words, many of the banking functions they were claiming were not subject to US jurisdiction were actually being carried out on US soil and were very much subject to US banking laws. That was the real hook used to get the other data: give us all the other data that will help us build cases against US citizens and we'll be lenient on your company offi

if a country's legal system has a valid case for something, and issues a court order ordering you to turn something over, you can't just avoid a court order by saying "it's in my summer home in another country!"

That's fine. I'm perfectly okay with saying Microsoft has to produce all of their financial information, legal analysis, etc., when required, no matter where it is stored, as a provision of being legally incorporated in the United States.

Where this gets pernicious is that the data they are being required to present is *not* their data. They are a third party holding the data on someone else's behalf. Note the courts specifically say that this would not be okay if it was a physical document, their reasoning for being allowed to subpoena an electronic document is essentially that it's trivial for them to get away with it.

From the article:

The e-mail the US authorities are seeking from Microsoft concerns a drug-trafficking investigation. Microsoft often stores e-mail on servers closest to the account holder.

So presumably this data belongs to someone in Ireland. It's data which was created in Ireland. It may be data which has never left Ireland. But because they made the mistake of dealing with a US company, the data of an Irish citizen sitting in a room in Ireland where Irish law prevails is now being exported to America without Irish courts having any say in the matter.

This is why the data should never have been in Microsoft's possession to begin with, and why it matters what companies you do business with, and what countries they operate in/what laws they are subject to in the various jurisdictions they're incorporated in.

Microsoft is based in the United States, so there may be some valid argument here that as an American company, Microsoft data regardless of where "in the cloud" it is stored is subject to American legal rulings.

The *real* question is what about companies that do business here but are based in other countries?

There must be precedents or applicable laws for physical analogies. If a company operating in the US happens to store physical records somewhere outside the US, and those records are pertinent to the case, would those not be covered by a US subpoena? If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

If the company has access to them and the ability to procure them, what does the physical location of the records or their headquarters matter?

Because they are storing someone else's data. That someone else (and their locally stored property) should receive the full protection of their local laws when dealing with a local subsidiary of an international company. This is not an embassy, it is not considered a territorial extension of the United States. The server is owned and taxed as Irish property. It should require an Irish court order to forcibly extract data off of it, same as it would taking letters out of an Irish safety deposit box (even if the bank had an American presence).

Would we be comfortable with courts in China being able to subpoena any US held data from companies with a Chinese presence? "Sorry Yahoo but as part of your incorporation in China we need you to produce any emails from the personal accounts of Boeing employees held on your US owned servers."

Google is an incorporated entity in the United States of America.
The IRS most certainly *can* bring suit against them in a US court, and demand that they turn over records for their tax-haven bank accounts.
The jurisdiction applies between the plaintiff and the defendant, borders matter not.

Where jurisdiction comes in, is we can't fly a team of cops over to the Bahamas and raid the offices of the bank to produce the data, the worst we can do is levy sanctions against the defendant.

Is there a question at all? If you have a presence here, you are subject to our laws. I expect that the reverse is also true, that if I conduct business overseas that I am also subject to the laws of countries whose policies I do not agree with.

Now perhaps business based elsewhere have a recourse US based business do not have: they can stop doing business here and let the vagaries of extradition processes take control. But I wouldn't put money

I expect that the reverse is also true, that if I conduct business overseas that I am also subject to the laws of countries whose policies I do not agree with.

the problem is the US government does not believe that is true at all. For instance other countries have laws that make it illegal for privacy data to be sent out of the country without the users express consent, these US laws are therefore a breach of laws in other countries.

The huge MASSIVE problem with that position is that many other countries have VERY specific laws about data, especially privacy data leaving the borders. This puts international companies in a hugely awkward position where they must break one law or the other, either of which potentially could result in huge fines or Jail time. The US doesn't get to determine what other countries laws are and they definitely do not get to override them.

I guess they can ask a US company to violate foreign law, but they can't ask foreign employees of said company to carry out those orders. And without that vital piece of the puzzle, its kind of silly, right?

Exactly. Hiding data offshore is no different than hiding funds offshore. That said, the governments rights to the data need to be examined in the first place, but if a company is legally bound to produce it, the location it's held in legally shouldn't make any difference.

Imagine the outrage the US Govt would show, if say, China insisted Apple or Google share ALL the information they had stored in the US. Before you dismiss this, think about it... a Chinese Judge (lets say the Chinese equivalent of the SCOTUS) issues a warrant (which would be valid under Chinese law) demanding this...

I'm sure there would be an outrage by POTUS, Congress, and everyone else sticking up their hand.

The criteria is "the company that has the power to demand the data, has to do so if ordered by their country's courts". This probably dates back to the 16th century or earlier. Some time around the Hanseatic League...

A Canadian company with data in Outer Mongolia has to produce the data if it can. If the Outer Mongols prohibit the Canadian company from demanding it normally, the Canadians can't be ordered to produce it, because the data isn't in the Canadian company's control. If they allow it to be demanded normally, a Canadian court can get it. They have to do it via the Mongolian branch, they can't just issue court orders in Mongolia.

Your suspicion is correct: a Canadian company that controls data in the U.S. can indeed be ordered by a Canadian court to produce it .

there is a LOT to see here, this is definitely not a non-issue. This inherently makes US companies a danger to do business with many countries for hosting/cloud services where many countries have laws and/or industries with regulatory requirements that demand data cannot be taken out of the country. This ruling if upheld will make US companies like Amazon, MS, Apple, Google et al a no go when it comes to hosting, the financial ramifications are rather massive.

If this holds, US companies will have trouble competing abroad. Information belonging to a US firm's foreign customer company could be seized without possible recourse, unless the customer hires a US counsel.

I don't see how this is different for any country. If China's government wants something that your company has, and issues a subpoena or court order for it, and your company has a physical presence in China, they can hold those company officers in jail until you produce the information/item. Same goes for any country.

What you need to look at is the track record of the government(s) which your vendor operates under. I never hear about the government of Iceland causing problems with companies and their cus

There's a bit of a fallacy in that comment -- we have no proof that Iceland wouldn't be just as bad if they had the opportunity. If Iceland had the same vendor presence internationally that the US and China do, there's a fairly good chance that sooner or later someone would come into power who feels a need to abuse their position.

What will (and in a lot of places has started to) happen is that all of the countries will just turn inwards and shut out everyone.

I'm pretty sure this is itself a fallacy. You can't just assume every country operates identically, given the same opportunity. That's just like saying every man would rape a woman given a good opportunity, just because one guy did so.

Iceland hasn't done anything to earn a bad reputation. The US government has.

Well said. The "I'm sure everybody else is just as bad" defence of the USA is annoyingly common on Slashdot, but there are no reasons to expect them to be the same. They differ in how healthy their democracies are (USA has a relatively large distance from the wishes of the individual citizen to the actions of the government (this depends on size of the population, the implementation of democracy and the laws regulating the influence of money)), how much resources they can allocate (if Iceland spent the same

Sort of. What they would need to do is form a wholly owned subsidiary within that other country and have that subsidiary contract services at costs.

This gives them legal separation as long as the subsidiary is run by a separate management team. The US would then subpoena the company and subsidiary and use whatever treaty and international laws allows (which likely would be just as much).

Of course the draw backs of that is they will not be able to play the five nuckle shuffle with taxes and end up paying sub

Tax evasion is illegal. Tax avoidance, which is what these companies are practicing, is not.

I've heard this argument from neoliberals on CNBC. It reminds me of a teenager whose parents catch him high as a kite: "You said I shouldn't smoke pot. You didn't say anything about cooking it in brownies and eating it."

It's a reminder about why corporations are regulated. They will do their best to circumvent laws using lawyers, unless they can be sufficiently frightened into behaving. Human beings are capable

The best the US administration can hope for here is to shatter the US software industry into a thousand small associated companies with strict data sharing agreements to handle overseas data. Worst case they slowly succeed at destroying any ability to run a US business that handles overseas customer information.
What is the goal here? There is no way that demanding that kind of access will be sustainable (short of all out secrecy which has obviously failed in this instance.)

A warrant should only mean that someone has been granted a legal right to search for and seize specific property. It should not mean that the owner has any obligation to do anything other than stay out of their way. In particular, if the property is not on the premises (or, as in this case, is entirely out of the court's jurisdiction), there is no reason the owner should feel obligated to say where it is or fetch it. Make them get a warrant for the correct place first—if they can. After all, a warrant

So according to your interpretation, if you played a game like this [kinja-img.com] with sufficiently many cups [the cloud] and the thing to be seized instead of the green ball, you should be pretty much safe from any legal search?

There are several types of warrants. What you are describing is just a single warrant generally referred to as a search warrant.

What we have here is a subpoena , or more precisely a subpoena duces tecum [wikipedia.org]. This subpoena has been used in law since before the country was founded and throughout its existence. IT basically means you need to produce something to the court or whatever agency the law allowing it dictates. It's issued by a judge after a lawful request failed in procuring the items. It generally requ

So what happens when a cloud provider (e.g. Microsoft) hosts customer data for a non-US customer? Does the USG actually think that it's laws take precedence over the laws of region of the owner of the data (i.e., Microsoft's non-US customer) and when the actual transactions are happening off US soil?

Of course, perhaps the best solution for companies like Microsoft is to simply spin-off the non-US data sites as separate entities, so they can't be held liable for the US company's actions. Though this is sti

No self-respecting foreign firm with any sort of confidential info is going to do any business with any US cloud or services provider. Throw in the FISA secret rubber stamp machine and who knows what other data siphoning is in place and you may as well just mail copies of everything to any three-letter agency and, most likely, their MIC bedfellows.

America's standing slips by the day. Thank you MIC and the myopic zealots that are part of das Home Security apparatus.

Effectively, though perhaps not in the strict legal definition, the purpose of a corporation is to make a profit.

As we can plainly see from Microsoft's conduct over the years, they will break whatever laws they can get away with to make that profit. This lawsuit isn't about Hotmail users' e-mail messages, this is about illegal or otherwise objectionable behavior that they are trying to shield in other countries.

If you're worried about your e-mail and data stored on Microsoft's servers, then let's not mix that up with a corporation's ability to hide illegal, unethical, or immoral behavior within a more compliant state's physical borders.

i fully agree with the troubling implications that the U.S. can subpoena any information regardless of where it physically resides in the world, but the headline is woefully inaccurate. i thought this was Slashdot, not BuzzFeed. very disappointed here.

I believe that Microsoft is right to claim the US government doesn't have jurisdiction over data stored outside of the United States. There simply MUST be a clear distinction maintained over where something is located, or country borders don't mean anything. If law enforcement in one country can force the production of evidence located in another country, then it's a free for all and borders have no meaning.

For instance... Lets say that a country (not the USA) has strict privacy laws about data collected and stored digitally and how it can be used. Lets say that they strictly forbid the sharing of specific kinds of data without written consent from the individual the data is about. If Microsoft operates in that country and collects data from it's users and then receives a court order for data from the USA for data stored in the country with strict privacy laws, what is Microsoft to do? Violate the court order and obey the laws under which the data was collected and stored OR violate the laws of another country? If borders mean ANYTHING, Microsoft must obey the local laws of the countries they operate in. So if the data is not here in the USA, the USA cannot force production of the data though the courts.

I understand that this is rife for abuse because it allows the hiding of criminal evidence overseas where it is beyond direct USA reach, but there are processes to obtain such evidence though diplomatic and international law enforcement channels in place. For Civil litigation, there are ways to work though other countries legal systems (albeit inconvenient and expensive ones). So, where I get there are problems, we really cannot just unilaterally decide we have the authority to demand a company produce data held overseas and force them hand over evidence which is not within our borders.

Finally, there is the "How would you feel if somebody did it to you?" test. Let's say the US was where the data was located and some other country was demanding that the data be sent back to them and felt they could enforce their will within the USA.... Would we not feel offended? I dare say we would.

The real issue at hand is the difference between a warrent and a subpoena.The legal requirements to obtain a warrent are rather trivial and obtaining a warrent is rather easy. But a warrent doesn't extend past the boundaries on the United States. A subpoena on the other hand has far stricter oversight and requirements to obtain. But a subpoena requires the one served to provide the information requested regardless of where in the world that information resides.

What's happening is the government is attempting to get the best of both worlds. The trivial requirements of obtaining a warrent, combined with the expanse of a subpoena. And that frankly is wrong and needs to be stopped.

At most, we'll see a US version of every company with the sole objective of ensuring that the only information available is that of US citizens. That is, assuming anybody cares to do anything at all to protect the information of non-US costumers from US government.

Back on topic, yeah, this doesn't surprise me. And nobody will have the guts to say: "You know what, fuck you. We are out of here". Hell, if I were in their position, I'm not sure I would do that either.

And go where? Tech companies require highly-trained employees to operate. They could move to Mexico, for instance, but good luck getting any good employees there; there's not many locals with the requisite skills, and no one else wants to move there with all the cartel violence and kidnappings. They could move to Zimbabwe, but again there's zero locals there that can do the jobs, and who the hell wants to move to Zimbabwe? They could also move to some nice European country, but even here, assuming that

The data is stored in the EU and belongs to EU citizens. US law DOES NOT APPLY. It doesn't matter how much a government bureaucrat screams otherwise. Following the law where you do business goes both ways. EU citizens' data stored in the EU is protected by....wait for it.....EU LAWS!

It's interesting that right at this moment, the Obama Adminstration is pushing an international treaty that will make it so that corporations do not have to comply with a country's laws. It's called "TISA" and it's so bad that it was supposed to be secret for five years after it's ratified and put into action. We only know about it because Wikileaks released a leaked portion of it.

Secret laws being adjudicated in secret courts. All at the behest of corporations who then want (like Microsoft) to not have to comply. It's a pretty ugly type of fascism.

The TISA is classified so investment groups wouldn't take advantage of it before it went into effect, thus screwing you and I over.

For five years after it becomes law?

Also, it's been in negotiation for 2 fucking decade, so not really 'Obama'.

Exactly right. This treaty, which creates corporate sovereignty, is being negotiated in secret...from us. Do you really believe for a moment that it's also secret from the companies that will benefit, like Goldman Sachs?

Every president for the past 30 years has been playing for the same team. And the team does not include us.

I would start with the excellent site by Yves Smith, Naked Capitalism. The writers there are not wild-eyed ideologues, but people who have spent careers in the financial industry, working at pretty high levels. They've been all over this story since the Wikileaks documents broke. Remember, it was Wikileaks that published the secret TPP documents as well, which put the efforts to push that treaty through the tunnel on its heels, at least temporarily. Sunshine can be a great disinfectant.

The problem is with how much control Microsoft has over Microsoft Ireland. If they exercise exclusive control, it's the same company for most all purposes except taxes. If they allow MS Ireland independent operations, then it is a separate company all the way around.

SO basically, unless MS Ireland can set their own prices, develop and sell their own software, they are likely strictly controlled by MS.

You can do business with Americans. You just have to make sure they come to you (outside the USA). Its done all the time. And if one can set up a foreign entity withot a clear trail of ownership back to the US company, itis legally beyond the reach of the DoJ.

So now all you have to deal with is NSA snooping and possibly a CIA assasination.

When you are obligated by law to produce the required information then this is how it is. If you have placed the information out of reach for you to get it, or only refuse to get it, then it has got a fair chance to turn into an obstruction of justice and you will find yourself in even more trouble.

The information has not been placed out of reach by MS, it never was in the US. Nor is it MS's information - it is information belonging to one of their customers that happens to be stored on MS servers (that "cloud" thing) - outside of the US.

MS have made a big selling point of their Irish data centre location being in-EU for projects (including government stuff) that have data subject to EU rules where, in law, it may not be sent outside the EU. If MS-Ireland (or whichever MS-co it is) suddenly starts s